ai-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Official Package Management: The skill guides the user to install the
aipackage and utilizenpx @ai-sdk/devtools. These are legitimate tools and libraries published by the vendor to support development and debugging. - Remote Configuration Retrieval: It uses
curlto fetch the most recent list of supported models fromai-gateway.vercel.sh. This allows the agent to provide accurate information about available model versions without relying on potentially outdated internal knowledge. - Documentation and Log Inspection: The skill employs standard system utilities like
grep,cat, andjqto search through localnode_modulesdocumentation and development logs. This behavior is intended to ensure the agent's responses are based on the actual source code and documentation present in the user's environment.
Audit Metadata